I had a meeting today in another department and found out they had been hacked into multiple times. It seems they are running Dell NAS devices. Enough said… Well, OK, maybe I should go into more detail on the horrors of Windows NAS boxes.

Windows NAS boxes are stripped-down versions of Windows 2000/2003 Server. They are considered by Microsoft to be secured because a number of services are not included. These NAS devices are known as headless servers because they are administered remotely by a custom web interface… or was it because the engineers left their heads at home that day? Anyway, the vendor typically gives the admins a disk image of the hard disk (NOT an install disk), which means if you screw something up you’re going to have a really bad day. Security is built in from the beginning for this install (just like Windows XP, 2003, and U.T.O.), but unfortunately administrators cannot run Windows Update themselves. Doing a normal Windows update will break the NAS device and it must be reloaded. Microsoft provides the vendor with the updates and the vendor releases them to the public, so patching happens on the vendor’s schedule, not yours. Translation: this is a highly insecure Windows file server that says “hack me!!” If you purchased one of these NAS devices, I recommend you back up the file system, add more memory, and install something like Windows 2003 R2.

Windows 2003 R2 supports access-based file and directory enumeration, which means your faculty and staff won’t be clicking on folders that say “access denied”. I just love seeing the gleam in the faculty’s eye when it says access denied… Don’t you?